Apple’s AirTag was announced and released not too long ago, but it seems that less than a month since its official unveiling, the gadget has already been hacked. Now the good news is that this hack comes from IT security researcher stacksmashing on Twitter, meaning it’s more about showing off the possibility rather than doing it for malicious purposes.
In the hack, what the researcher did was he managed to reverse engineer the microcontroller in the AirTag, although it seems that it wasn’t as easy as he had imagined as he actually bricked two AirTags in the process. However, once he did access the microcontroller, he reflashed it and made changes to how the device functioned.
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! 🥳🥳🥳
— stacksmashing (@ghidraninja) May 8, 2021
Basically what he did was he changed the URL on the AirTag to a different one. For those wondering, when an AirTag has been put into lost mode, whenever an NFC-enabled device like an iPhone or an Android phone is put close to the AirTag, they will get a prompt that will open their browser and redirect them to Apple’s website where they can get in touch with the owner.
However, by modifying the URL, it means that someone could purposely leave “lost” AirTags lying around for people to pick up, and when they attempt to launch the website, they could be redirected malicious content instead. It is unclear how Apple plans to respond to this issue but it sounds like something that definitely needs to be addressed.